A currently ongoing malicious email campaign is impersonating ADP in an attempt to trick its customers into thinking that they’ve received a ‘Package Delivery Notification.’ In reality though, once a user clicks on any of the links found in the malicious email, they’re automatically exposed to the client-side exploits served by the Black Hole Exploit Kit.

More details:

Sample screenshot of the spamvertised email:

Sample compromised URLs used in the campaign:hxxp://hrampanino.ru/securadp.htmlhxxp://gsmstyle.net/securadp.htmlhxxp://hello06.com/securadp.htmlhxxp://homou.org/securadp.htmlhxxp://gwcrc.or.kr/securadp.htmlhxxp://huabeipipe.com/securadp.htmlhxxp://hohyunworld.com/securadp.html

Known to have responded to 24.111.157.113 are also the following client-side exploits serving URLs, part of related campaigns:hxxp://buyersusaremote.net/kill/towards_crashed_turns.php – Email: calnroam@yahoo.comhxxp://cyberage-poker.net/kill/loading_requested_profile.phphxxp://teenlocal.net/kill/force-vision.php